1 /* 2 * m_egress.c ingress/egress packet mirror/redir actions module 3 * 4 * This program is free software; you can distribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: J Hadi Salim (hadi (at) cyberus.ca) 10 * 11 * TODO: Add Ingress support 12 * 13 */ 14 15 #include <stdio.h> 16 #include <stdlib.h> 17 #include <unistd.h> 18 #include <syslog.h> 19 #include <fcntl.h> 20 #include <sys/socket.h> 21 #include <netinet/in.h> 22 #include <arpa/inet.h> 23 #include <string.h> 24 #include "utils.h" 25 #include "tc_util.h" 26 #include "tc_common.h" 27 #include <linux/tc_act/tc_mirred.h> 28 29 static void 30 explain(void) 31 { 32 fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME> \n"); 33 fprintf(stderr, "where: \n"); 34 fprintf(stderr, "\tDIRECTION := <ingress | egress>\n"); 35 fprintf(stderr, "\tACTION := <mirror | redirect>\n"); 36 fprintf(stderr, "\tINDEX is the specific policy instance id\n"); 37 fprintf(stderr, "\tDEVICENAME is the devicename \n"); 38 39 } 40 41 static void 42 usage(void) 43 { 44 explain(); 45 exit(-1); 46 } 47 48 char *mirred_n2a(int action) 49 { 50 switch (action) { 51 case TCA_EGRESS_REDIR: 52 return "Egress Redirect"; 53 case TCA_INGRESS_REDIR: 54 return "Ingress Redirect"; 55 case TCA_EGRESS_MIRROR: 56 return "Egress Mirror"; 57 case TCA_INGRESS_MIRROR: 58 return "Ingress Mirror"; 59 default: 60 return "unknown"; 61 } 62 } 63 64 int 65 parse_egress(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) 66 { 67 68 int argc = *argc_p; 69 char **argv = *argv_p; 70 int ok = 0, iok = 0, mirror=0,redir=0; 71 struct tc_mirred p; 72 struct rtattr *tail; 73 char d[16]; 74 75 memset(d,0,sizeof(d)-1); 76 memset(&p,0,sizeof(struct tc_mirred)); 77 78 while (argc > 0) { 79 80 if (matches(*argv, "action") == 0) { 81 break; 82 } else if (matches(*argv, "egress") == 0) { 83 NEXT_ARG(); 84 ok++; 85 continue; 86 } else { 87 88 if (matches(*argv, "index") == 0) { 89 NEXT_ARG(); 90 if (get_u32(&p.index, *argv, 10)) { 91 fprintf(stderr, "Illegal \"index\"\n"); 92 return -1; 93 } 94 iok++; 95 if (!ok) { 96 argc--; 97 argv++; 98 break; 99 } 100 } else if(!ok) { 101 fprintf(stderr, "was expecting egress (%s)\n", *argv); 102 break; 103 104 } else if (!mirror && matches(*argv, "mirror") == 0) { 105 mirror=1; 106 if (redir) { 107 fprintf(stderr, "Cant have both mirror and redir\n"); 108 return -1; 109 } 110 p.eaction = TCA_EGRESS_MIRROR; 111 p.action = TC_ACT_PIPE; 112 ok++; 113 } else if (!redir && matches(*argv, "redirect") == 0) { 114 redir=1; 115 if (mirror) { 116 fprintf(stderr, "Cant have both mirror and redir\n"); 117 return -1; 118 } 119 p.eaction = TCA_EGRESS_REDIR; 120 p.action = TC_ACT_STOLEN; 121 ok++; 122 } else if ((redir || mirror) && matches(*argv, "dev") == 0) { 123 NEXT_ARG(); 124 if (strlen(d)) 125 duparg("dev", *argv); 126 127 strncpy(d, *argv, sizeof(d)-1); 128 argc--; 129 argv++; 130 131 break; 132 133 } 134 } 135 136 NEXT_ARG(); 137 } 138 139 if (!ok && !iok) { 140 return -1; 141 } 142 143 144 145 if (d[0]) { 146 int idx; 147 ll_init_map(&rth); 148 149 if ((idx = ll_name_to_index(d)) == 0) { 150 fprintf(stderr, "Cannot find device \"%s\"\n", d); 151 return -1; 152 } 153 154 p.ifindex = idx; 155 } 156 157 158 if (argc && p.eaction == TCA_EGRESS_MIRROR) { 159 160 if (matches(*argv, "reclassify") == 0) { 161 p.action = TC_POLICE_RECLASSIFY; 162 NEXT_ARG(); 163 } else if (matches(*argv, "pipe") == 0) { 164 p.action = TC_POLICE_PIPE; 165 NEXT_ARG(); 166 } else if (matches(*argv, "drop") == 0 || 167 matches(*argv, "shot") == 0) { 168 p.action = TC_POLICE_SHOT; 169 NEXT_ARG(); 170 } else if (matches(*argv, "continue") == 0) { 171 p.action = TC_POLICE_UNSPEC; 172 NEXT_ARG(); 173 } else if (matches(*argv, "pass") == 0) { 174 p.action = TC_POLICE_OK; 175 NEXT_ARG(); 176 } 177 178 } 179 180 if (argc) { 181 if (iok && matches(*argv, "index") == 0) { 182 fprintf(stderr, "mirred: Illegal double index\n"); 183 return -1; 184 } else { 185 if (matches(*argv, "index") == 0) { 186 NEXT_ARG(); 187 if (get_u32(&p.index, *argv, 10)) { 188 fprintf(stderr, "mirred: Illegal \"index\"\n"); 189 return -1; 190 } 191 argc--; 192 argv++; 193 } 194 } 195 } 196 197 tail = NLMSG_TAIL(n); 198 addattr_l(n, MAX_MSG, tca_id, NULL, 0); 199 addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof (p)); 200 tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; 201 202 *argc_p = argc; 203 *argv_p = argv; 204 return 0; 205 } 206 207 208 int 209 parse_mirred(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) 210 { 211 212 int argc = *argc_p; 213 char **argv = *argv_p; 214 215 if (argc < 0) { 216 fprintf(stderr,"mirred bad arguement count %d\n", argc); 217 return -1; 218 } 219 220 if (matches(*argv, "mirred") == 0) { 221 NEXT_ARG(); 222 } else { 223 fprintf(stderr,"mirred bad arguement %s\n", *argv); 224 return -1; 225 } 226 227 228 if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) { 229 int ret = parse_egress(a, &argc, &argv, tca_id, n); 230 if (ret == 0) { 231 *argc_p = argc; 232 *argv_p = argv; 233 return 0; 234 } 235 236 } else if (matches(*argv, "ingress") == 0) { 237 fprintf(stderr,"mirred ingress not supported at the moment\n"); 238 } else if (matches(*argv, "help") == 0) { 239 usage(); 240 } else { 241 fprintf(stderr,"mirred option not supported %s\n", *argv); 242 } 243 244 return -1; 245 246 } 247 248 int 249 print_mirred(struct action_util *au,FILE * f, struct rtattr *arg) 250 { 251 struct tc_mirred *p; 252 struct rtattr *tb[TCA_MIRRED_MAX + 1]; 253 const char *dev; 254 SPRINT_BUF(b1); 255 256 if (arg == NULL) 257 return -1; 258 259 parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg); 260 261 if (tb[TCA_MIRRED_PARMS] == NULL) { 262 fprintf(f, "[NULL mirred parameters]"); 263 return -1; 264 } 265 p = RTA_DATA(tb[TCA_MIRRED_PARMS]); 266 267 /* 268 ll_init_map(&rth); 269 */ 270 271 272 if ((dev = ll_index_to_name(p->ifindex)) == 0) { 273 fprintf(stderr, "Cannot find device %d\n", p->ifindex); 274 return -1; 275 } 276 277 fprintf(f, "mirred (%s to device %s) %s", mirred_n2a(p->eaction), dev,action_n2a(p->action, b1, sizeof (b1))); 278 279 fprintf(f, "\n "); 280 fprintf(f, "\tindex %d ref %d bind %d",p->index,p->refcnt,p->bindcnt); 281 282 if (show_stats) { 283 if (tb[TCA_MIRRED_TM]) { 284 struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]); 285 print_tm(f,tm); 286 } 287 } 288 fprintf(f, "\n "); 289 return 0; 290 } 291 292 struct action_util mirred_action_util = { 293 .id = "mirred", 294 .parse_aopt = parse_mirred, 295 .print_aopt = print_mirred, 296 }; 297
